From f66d4bcf968eea325932bc948b1c6b181fabc7ee Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 23 Jun 2016 16:43:28 +0200 Subject: Add masterkey and keystore commands. --- .gitmodules | 1 + projects/hsm/Makefile | 9 +- projects/hsm/mgmt-cli.c | 4 + projects/hsm/mgmt-keystore.c | 286 ++++++++++++++++++++++++++++++++++++++++++ projects/hsm/mgmt-keystore.h | 43 +++++++ projects/hsm/mgmt-masterkey.c | 194 ++++++++++++++++++++++++++++ projects/hsm/mgmt-masterkey.h | 43 +++++++ 7 files changed, 579 insertions(+), 1 deletion(-) create mode 100644 projects/hsm/mgmt-keystore.c create mode 100644 projects/hsm/mgmt-keystore.h create mode 100644 projects/hsm/mgmt-masterkey.c create mode 100644 projects/hsm/mgmt-masterkey.h diff --git a/.gitmodules b/.gitmodules index d3946e7..898dc58 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,7 @@ [submodule "libhal"] path = libraries/libhal url = git@git.cryptech.is:sw/libhal.git + branch = ft-ks_flash [submodule "thirdparty/libtfm"] path = libraries/thirdparty/libtfm url = git@git.cryptech.is:sw/thirdparty/libtfm.git diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile index 55e021f..a5bd30a 100644 --- a/projects/hsm/Makefile +++ b/projects/hsm/Makefile @@ -1,7 +1,14 @@ PROJ = hsm # objs in addition to $(PROJ).o -OBJS = crc32.o mgmt-cli.o mgmt-dfu.c mgmt-fpga.c mgmt-misc.c mgmt-show.c +OBJS = crc32.o \ + mgmt-cli.o \ + mgmt-dfu.c \ + mgmt-fpga.c \ + mgmt-keystore.c \ + mgmt-masterkey.c \ + mgmt-misc.c \ + mgmt-show.c BOARD_OBJS = \ $(TOPLEVEL)/stm-init.o \ diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c index bef530e..2606e21 100644 --- a/projects/hsm/mgmt-cli.c +++ b/projects/hsm/mgmt-cli.c @@ -43,6 +43,8 @@ #include "mgmt-fpga.h" #include "mgmt-misc.h" #include "mgmt-show.h" +#include "mgmt-keystore.h" +#include "mgmt-masterkey.h" /* MGMT UART interrupt receive buffer (data will be put in a larger ring buffer) */ volatile uint8_t uart_rx; @@ -202,6 +204,8 @@ int cli_main(void) configure_cli_fpga(&cli); configure_cli_misc(&cli); configure_cli_dfu(&cli); + configure_cli_keystore(&cli); + configure_cli_masterkey(&cli); while (1) { embedded_cli_loop(&cli); diff --git a/projects/hsm/mgmt-keystore.c b/projects/hsm/mgmt-keystore.c new file mode 100644 index 0000000..14d8e1b --- /dev/null +++ b/projects/hsm/mgmt-keystore.c @@ -0,0 +1,286 @@ +/* + * mgmt-keystore.c + * --------------- + * CLI 'keystore' commands. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#define HAL_OK CMSIS_HAL_OK + +#include "stm-init.h" +#include "stm-keystore.h" +#include "stm-fpgacfg.h" +#include "stm-uart.h" + +#include "mgmt-cli.h" +#include "mgmt-show.h" + +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ +#undef HAL_OK +#define LIBHAL_OK HAL_OK +#include "hal.h" +#define HAL_STATIC_PKEY_STATE_BLOCKS 6 +#include "hal_internal.h" +#undef HAL_OK + +#include + + +int cmd_keystore_set_pin(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + const hal_ks_keydb_t *db; + hal_user_t user; + hal_ks_pin_t pin; + hal_error_t status; + + db = hal_ks_get_keydb(); + + if (db == NULL) { + cli_print(cli, "Could not get a keydb from libhal"); + return CLI_OK; + } + + if (argc != 3) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore set pin "); + return CLI_ERROR; + } + + user = HAL_USER_NONE; + if (strcmp(argv[0], "user") == 0) user = HAL_USER_NORMAL; + if (strcmp(argv[0], "so") == 0) user = HAL_USER_SO; + if (strcmp(argv[0], "wheel") == 0) user = HAL_USER_WHEEL; + if (user == HAL_USER_NONE) { + cli_print(cli, "First argument must be 'user', 'so' or 'wheel' - not '%s'", argv[0]); + return CLI_ERROR; + } + + pin.iterations = strtol(argv[1], NULL, 0); + + /* We don't actually PBKDF2 the given PIN yet, just testing */ + strncpy((char *) pin.pin, argv[2], sizeof(pin.pin)); + + if ((status = hal_ks_set_pin(user, &pin)) != LIBHAL_OK) { + cli_print(cli, "Failed setting PIN: %s", hal_error_string(status)); + return CLI_ERROR; + } + + return CLI_OK; +} + +int cmd_keystore_set_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 2) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore set key "); + return CLI_ERROR; + } + + if ((status = hal_ks_store(HAL_KEY_TYPE_EC_PUBLIC, + HAL_CURVE_NONE, + 0, + (uint8_t *) argv[0], strlen(argv[0]), + (uint8_t *) argv[1], strlen(argv[1]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed storing key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Stored key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_delete_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 1) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore delete key "); + return CLI_ERROR; + } + + if ((status = hal_ks_delete(HAL_KEY_TYPE_EC_PUBLIC, + (uint8_t *) argv[0], strlen(argv[0]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed deleting key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Deleted key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_rename_key(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + hal_error_t status; + int hint = 0; + + if (argc != 2) { + cli_print(cli, "Wrong number of arguments (%i).", argc); + cli_print(cli, "Syntax: keystore rename key "); + return CLI_ERROR; + } + + if ((status = hal_ks_rename(HAL_KEY_TYPE_EC_PUBLIC, + (uint8_t *) argv[0], strlen(argv[0]), + (uint8_t *) argv[1], strlen(argv[1]), + &hint)) != LIBHAL_OK) { + + cli_print(cli, "Failed renaming key: %s", hal_error_string(status)); + return CLI_ERROR; + } + + cli_print(cli, "Renamed key %i", hint); + + return CLI_OK; +} + +int cmd_keystore_show_data(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint8_t buf[KEYSTORE_PAGE_SIZE]; + uint32_t i; + + if (keystore_check_id() != 1) { + cli_print(cli, "ERROR: The keystore memory is not accessible."); + } + + memset(buf, 0, sizeof(buf)); + if ((i = keystore_read_data(0, buf, sizeof(buf))) != 1) { + cli_print(cli, "Failed reading first page from keystore memory: %li", i); + return CLI_ERROR; + } + + cli_print(cli, "First page from keystore memory:\r\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); + + for (i = 0; i < 8; i++) { + if (buf[i] == 0xff) break; /* never written */ + if (buf[i] != 0x55) break; /* something other than a tombstone */ + } + /* As a demo, tombstone byte after byte of the first 8 bytes in the keystore memory + * (as long as they do not appear to contain real data). + * If all of them are tombstones, erase the first sector to start over. + */ + + /* + if (i < 8) { + if (buf[i] == 0xff) { + cli_print(cli, "Tombstoning byte %li", i); + buf[i] = 0x55; + if ((i = keystore_write_data(0, buf, sizeof(buf))) != 1) { + cli_print(cli, "Failed writing data at offset 0: %li", i); + return CLI_ERROR; + } + } + } else { + cli_print(cli, "Erasing first sector since all the first 8 bytes are tombstones"); + if ((i = keystore_erase_sectors(1, 1)) != 1) { + cli_print(cli, "Failed erasing the first sector: %li", i); + return CLI_ERROR; + } + cli_print(cli, "Erase result: %li", i); + } + */ + + return CLI_OK; +} + +int cmd_keystore_show_keys(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + const hal_ks_keydb_t *db; + + db = hal_ks_get_keydb(); + + if (db == NULL) { + cli_print(cli, "Could not get a keydb from libhal"); + return CLI_OK; + } + + cli_print(cli, "Sizeof db->keys is %i, sizeof one key is %i\n", sizeof(db->keys), sizeof(*db->keys)); + + for (int i = 0; i < sizeof(db->keys)/sizeof(*db->keys); i++) { + if (! db->keys[i].in_use) { + cli_print(cli, "Key %i, not in use", i); + } else { + cli_print(cli, "Key %i, in use 0x%x, name '%s' der '%s'", + i, db->keys[i].in_use, db->keys[i].name, db->keys[i].der); + } + } + + cli_print(cli, "\nPins:"); + cli_print(cli, "Wheel iterations: 0x%lx", db->wheel_pin.iterations); + cli_print(cli, "SO iterations: 0x%lx", db->so_pin.iterations); + cli_print(cli, "User iterations: 0x%lx", db->user_pin.iterations); + cli_print(cli, "\n"); + + return CLI_OK; +} + +void configure_cli_keystore(struct cli_def *cli) +{ + /* keystore */ + cli_command_root(keystore); + /* keystore set */ + cli_command_branch(keystore, set); + /* keystore delete */ + cli_command_branch(keystore, delete); + /* keystore rename */ + cli_command_branch(keystore, rename); + /* keystore show */ + cli_command_branch(keystore, show); + + /* keystore set pin */ + cli_command_node(keystore_set, pin, "Set either 'wheel', 'user' or 'so' PIN"); + + /* keystore set key */ + cli_command_node(keystore_set, key, "Set a key"); + + /* keystore delete key */ + cli_command_node(keystore_delete, key, "Delete a key"); + + /* keystore rename key */ + cli_command_node(keystore_rename, key, "Rename a key"); + + /* keystore show data */ + cli_command_node(keystore_show, data, "Dump the first page from the keystore memory"); + + /* keystore show keys */ + cli_command_node(keystore_show, keys, "Show what PINs and keys are in the keystore"); +} diff --git a/projects/hsm/mgmt-keystore.h b/projects/hsm/mgmt-keystore.h new file mode 100644 index 0000000..62efa51 --- /dev/null +++ b/projects/hsm/mgmt-keystore.h @@ -0,0 +1,43 @@ +/* + * mgmt-keystore.h + * ---------- + * Management CLI 'keystore' functions. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_CLI_MGMT_KEYSTORE_H +#define __STM32_CLI_MGMT_KEYSTORE_H + +#include "stm-init.h" +#include + +extern void configure_cli_keystore(struct cli_def *cli); + +#endif /* __STM32_CLI_MGMT_KEYSTORE_H */ diff --git a/projects/hsm/mgmt-masterkey.c b/projects/hsm/mgmt-masterkey.c new file mode 100644 index 0000000..7cea62d --- /dev/null +++ b/projects/hsm/mgmt-masterkey.c @@ -0,0 +1,194 @@ +/* + * mgmt-masterkey.c + * ---------------- + * Masterkey CLI functions. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "stm-init.h" +#include "stm-uart.h" +#include "mgmt-cli.h" +#include "mgmt-masterkey.h" +#include "masterkey.h" + +#include + +#define KEK_LENGTH (256 / 8) + +static char * _status2str(masterkey_status_t status) +{ + switch (status) { + case HSM_MASTERKEY_SET: + return (char *) "Set"; + case HSM_MASTERKEY_NOT_SET: + return (char *) "Not set"; + default: + return (char *) "Unknown"; + } +} + +static int _parse_hex_groups(uint8_t *buf, size_t len, char *argv[], int argc) +{ + int i; + uint32_t *dst = (uint32_t *) buf; + uint32_t *end = (uint32_t *) buf + len - 1; + char *err_ptr = NULL; + + if (! argc) return 0; + + for (i = 0; i < argc; i++) { + if (dst >= end) return -1; + *dst++ = strtol(argv[i], &err_ptr, 16); + if (*err_ptr) return -2; + } + + return 1; +} + +static int cmd_masterkey_status(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + masterkey_status_t status; + uint8_t buf[KEK_LENGTH] = {0}; + + cli_print(cli, "Status of master key:\n"); + + status = masterkey_volatile_read(NULL, 0); + cli_print(cli, " volatile: %s", _status2str(status)); + + status = masterkey_flash_read(NULL, 0); + cli_print(cli, " flash: %s", _status2str(status)); + + /* XXX Temporary gaping security hole while developing the master key functionality. + * REMOVE READ-OUT OF MASTER KEY. + */ + + status = masterkey_volatile_read(&buf[0], sizeof(buf)); + if (status != HSM_MASTERKEY_FAIL) { + cli_print(cli, "\nVolatile read-out:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + } else { + cli_print(cli, "Failed reading from flash"); + } + + status = masterkey_flash_read(&buf[0], sizeof(buf)); + if (status != HSM_MASTERKEY_FAIL) { + cli_print(cli, "\nFlash read-out:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + } else { + cli_print(cli, "Failed reading from flash"); + } + + return CLI_OK; +} + +static int cmd_masterkey_set(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint8_t buf[KEK_LENGTH] = {0}; + int i; + + if ((i = _parse_hex_groups(&buf[0], sizeof(buf), argv, argc)) != 1) { + cli_print(cli, "Failed parsing master key (%i)", i); + return CLI_OK; + } + + cli_print(cli, "Parsed key:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + + if (masterkey_volatile_write(buf, sizeof(buf)) == HSM_MASTERKEY_OK) { + cli_print(cli, "Master key set in volatile memory"); + } else { + cli_print(cli, "Failed writing key to volatile memory"); + } + return CLI_OK; +} + +static int cmd_masterkey_erase(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + if (masterkey_volatile_erase(KEK_LENGTH) == HSM_MASTERKEY_OK) { + cli_print(cli, "Erased master key from volatile memory"); + } else { + cli_print(cli, "Failed erasing master key from volatile memory"); + } + return CLI_OK; +} + +static int cmd_masterkey_unsecure_set(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint8_t buf[KEK_LENGTH] = {0}; + int i; + + if ((i = _parse_hex_groups(&buf[0], sizeof(buf), argv, argc)) != 1) { + cli_print(cli, "Failed parsing master key (%i)", i); + return CLI_OK; + } + + cli_print(cli, "Parsed key:\n"); + uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); + cli_print(cli, "\n"); + + if (masterkey_flash_write(buf, sizeof(buf)) == HSM_MASTERKEY_OK) { + cli_print(cli, "Master key set in unsecure flash memory"); + } else { + cli_print(cli, "Failed writing key to unsecure flash memory"); + } + return CLI_OK; +} + +static int cmd_masterkey_unsecure_erase(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + if (masterkey_flash_erase(KEK_LENGTH) == HSM_MASTERKEY_OK) { + cli_print(cli, "Erased unsecure master key from flash"); + } else { + cli_print(cli, "Failed erasing unsecure master key from flash"); + } + return CLI_OK; +} + +void configure_cli_masterkey(struct cli_def *cli) +{ + /* masterkey */ + cli_command_root(masterkey); + /* masterkey status */ + cli_command_node(masterkey, status, "Show status of master key in RAM/flash"); + + /* masterkey set */ + cli_command_node(masterkey, set, "Set the master key in the volatile Master Key Memory"); + /* masterkey erase */ + cli_command_node(masterkey, erase, "Erase the master key from the volatile Master Key Memory"); + + cli_command_branch(masterkey, unsecure); + /* masterkey unsecure set */ + cli_command_node(masterkey_unsecure, set, "Set master key in unprotected flash memory (if unsure, DON'T)"); + /* masterkey unsecure erase */ + cli_command_node(masterkey_unsecure, erase, "Erase master key from unprotected flash memory"); +} diff --git a/projects/hsm/mgmt-masterkey.h b/projects/hsm/mgmt-masterkey.h new file mode 100644 index 0000000..5d2624a --- /dev/null +++ b/projects/hsm/mgmt-masterkey.h @@ -0,0 +1,43 @@ +/* + * mgmt-masterkey.h + * ----------- + * Management CLI masterkeyellaneous functions. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_CLI_MGMT_MASTERKEY_H +#define __STM32_CLI_MGMT_MASTERKEY_H + +#include "stm-init.h" +#include + +extern void configure_cli_masterkey(struct cli_def *cli); + +#endif /* __STM32_CLI_MGMT_MASTERKEY_H */ -- cgit v1.2.3 From 2c5fe8b063388803b31e97f051e7675d992efe58 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Fri, 24 Jun 2016 10:36:59 +0200 Subject: The masterkey stuff was accidentally committed to master in libhal (by me) --- .gitmodules | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index 898dc58..d3946e7 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,7 +1,6 @@ [submodule "libhal"] path = libraries/libhal url = git@git.cryptech.is:sw/libhal.git - branch = ft-ks_flash [submodule "thirdparty/libtfm"] path = libraries/thirdparty/libtfm url = git@git.cryptech.is:sw/thirdparty/libtfm.git -- cgit v1.2.3 From 76a0f707cd0bd10fc96bc50fb81ba0248915b5e2 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Fri, 24 Jun 2016 13:13:37 +0200 Subject: Masterkey functions now return hal_error_t as suggested by Rob. --- projects/hsm/mgmt-masterkey.c | 53 +++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 19 deletions(-) diff --git a/projects/hsm/mgmt-masterkey.c b/projects/hsm/mgmt-masterkey.c index 7cea62d..7938e33 100644 --- a/projects/hsm/mgmt-masterkey.c +++ b/projects/hsm/mgmt-masterkey.c @@ -32,22 +32,31 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#define HAL_OK CMSIS_HAL_OK + #include "stm-init.h" #include "stm-uart.h" #include "mgmt-cli.h" #include "mgmt-masterkey.h" -#include "masterkey.h" + +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ +#undef HAL_OK +#define LIBHAL_OK HAL_OK +#include +#include +#undef HAL_OK #include #define KEK_LENGTH (256 / 8) -static char * _status2str(masterkey_status_t status) + +static char * _status2str(const hal_error_t status) { switch (status) { - case HSM_MASTERKEY_SET: + case LIBHAL_OK: return (char *) "Set"; - case HSM_MASTERKEY_NOT_SET: + case HAL_ERROR_MASTERKEY_NOT_SET: return (char *) "Not set"; default: return (char *) "Unknown"; @@ -74,37 +83,37 @@ static int _parse_hex_groups(uint8_t *buf, size_t len, char *argv[], int argc) static int cmd_masterkey_status(struct cli_def *cli, const char *command, char *argv[], int argc) { - masterkey_status_t status; + hal_error_t status; uint8_t buf[KEK_LENGTH] = {0}; cli_print(cli, "Status of master key:\n"); status = masterkey_volatile_read(NULL, 0); - cli_print(cli, " volatile: %s", _status2str(status)); + cli_print(cli, " volatile: %s / %s", _status2str(status), hal_error_string(status)); status = masterkey_flash_read(NULL, 0); - cli_print(cli, " flash: %s", _status2str(status)); + cli_print(cli, " flash: %s / %s", _status2str(status), hal_error_string(status)); /* XXX Temporary gaping security hole while developing the master key functionality. * REMOVE READ-OUT OF MASTER KEY. */ status = masterkey_volatile_read(&buf[0], sizeof(buf)); - if (status != HSM_MASTERKEY_FAIL) { + if (status == LIBHAL_OK || status == HAL_ERROR_MASTERKEY_NOT_SET) { cli_print(cli, "\nVolatile read-out:\n"); uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); cli_print(cli, "\n"); } else { - cli_print(cli, "Failed reading from flash"); + cli_print(cli, "Failed reading from volatile memory: %s", hal_error_string(status)); } status = masterkey_flash_read(&buf[0], sizeof(buf)); - if (status != HSM_MASTERKEY_FAIL) { + if (status == LIBHAL_OK || status == HAL_ERROR_MASTERKEY_NOT_SET) { cli_print(cli, "\nFlash read-out:\n"); uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); cli_print(cli, "\n"); } else { - cli_print(cli, "Failed reading from flash"); + cli_print(cli, "Failed reading from flash: %s", hal_error_string(status)); } return CLI_OK; @@ -113,6 +122,7 @@ static int cmd_masterkey_status(struct cli_def *cli, const char *command, char * static int cmd_masterkey_set(struct cli_def *cli, const char *command, char *argv[], int argc) { uint8_t buf[KEK_LENGTH] = {0}; + hal_error_t err; int i; if ((i = _parse_hex_groups(&buf[0], sizeof(buf), argv, argc)) != 1) { @@ -124,20 +134,22 @@ static int cmd_masterkey_set(struct cli_def *cli, const char *command, char *arg uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); cli_print(cli, "\n"); - if (masterkey_volatile_write(buf, sizeof(buf)) == HSM_MASTERKEY_OK) { + if ((err = masterkey_volatile_write(buf, sizeof(buf))) == LIBHAL_OK) { cli_print(cli, "Master key set in volatile memory"); } else { - cli_print(cli, "Failed writing key to volatile memory"); + cli_print(cli, "Failed writing key to volatile memory: %s", hal_error_string(err)); } return CLI_OK; } static int cmd_masterkey_erase(struct cli_def *cli, const char *command, char *argv[], int argc) { - if (masterkey_volatile_erase(KEK_LENGTH) == HSM_MASTERKEY_OK) { + hal_error_t err; + + if ((err = masterkey_volatile_erase(KEK_LENGTH)) == LIBHAL_OK) { cli_print(cli, "Erased master key from volatile memory"); } else { - cli_print(cli, "Failed erasing master key from volatile memory"); + cli_print(cli, "Failed erasing master key from volatile memory: %s", hal_error_string(err)); } return CLI_OK; } @@ -145,6 +157,7 @@ static int cmd_masterkey_erase(struct cli_def *cli, const char *command, char *a static int cmd_masterkey_unsecure_set(struct cli_def *cli, const char *command, char *argv[], int argc) { uint8_t buf[KEK_LENGTH] = {0}; + hal_error_t err; int i; if ((i = _parse_hex_groups(&buf[0], sizeof(buf), argv, argc)) != 1) { @@ -156,20 +169,22 @@ static int cmd_masterkey_unsecure_set(struct cli_def *cli, const char *command, uart_send_hexdump(STM_UART_MGMT, buf, 0, sizeof(buf) - 1); cli_print(cli, "\n"); - if (masterkey_flash_write(buf, sizeof(buf)) == HSM_MASTERKEY_OK) { + if ((err = masterkey_flash_write(buf, sizeof(buf))) == LIBHAL_OK) { cli_print(cli, "Master key set in unsecure flash memory"); } else { - cli_print(cli, "Failed writing key to unsecure flash memory"); + cli_print(cli, "Failed writing key to unsecure flash memory: %s", hal_error_string(err)); } return CLI_OK; } static int cmd_masterkey_unsecure_erase(struct cli_def *cli, const char *command, char *argv[], int argc) { - if (masterkey_flash_erase(KEK_LENGTH) == HSM_MASTERKEY_OK) { + hal_error_t err; + + if ((err = masterkey_flash_erase(KEK_LENGTH)) == LIBHAL_OK) { cli_print(cli, "Erased unsecure master key from flash"); } else { - cli_print(cli, "Failed erasing unsecure master key from flash"); + cli_print(cli, "Failed erasing unsecure master key from flash: %s", hal_error_string(err)); } return CLI_OK; } -- cgit v1.2.3